
Security at The Prompt Fixer™

We take security seriously. Here's how we protect your data.

Encryption

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256 by our database provider (Supabase). Your prompts are transmitted securely.

Infrastructure Protection

Hosted on Vercel Pro with Web Application Firewall (WAF), automatic DDoS mitigation, edge caching, and global CDN distribution across 100+ edge locations.

Database Security

Powered by Supabase with Row Level Security (RLS) policies on all tables, ensuring users can only access their own data. Automatic backups protect against data loss.

Advanced Observability

Observability Plus provides 30-day log retention, detailed latency breakdowns, real-time performance monitoring, and comprehensive request analytics for proactive security.

Compliance

GDPR and CCPA compliant practices. We provide data access and deletion capabilities upon request. Built on SOC 2 Type II certified infrastructure (Supabase, Vercel, Anthropic) and PCI DSS Level 1 payment processing (Stripe).

Zero Data Retention

We use Zero Data Retention (ZDR) through Vercel AI Gateway. Your prompts are processed but never stored by AI providers or used for model training.

API Security

Network Protection

  • Web Application Firewall (WAF)
  • Automatic DDoS mitigation
  • TLS 1.3 encryption for all traffic
  • Rate limiting per tier

Authentication

  • API keys hashed with SHA-256
  • OAuth 2.0 support for apps
  • Secure session management
  • MFA required for admin access

Monitoring & Logs

  • 30-day runtime log retention
  • Detailed latency path breakdowns
  • Real-time anomaly detection
  • Full request data for edge & ISR

Data Security

  • Encryption at rest (AES-256)
  • Prompts not stored permanently
  • Row Level Security (RLS)
  • Automatic daily backups

Security Headers

HSTS

HTTP Strict Transport Security enforces HTTPS connections

CSP

Content Security Policy prevents XSS and injection attacks

X-Frame-Options

Prevents clickjacking by blocking iframe embedding

X-Content-Type

Prevents MIME type sniffing attacks

Referrer-Policy

Controls information sent in the Referer header

Permissions

Restricts access to camera, microphone, and geolocation

Vulnerability Disclosure Program

Found a security issue?

How to Report

  1. Email security@thepromptfixer.com
  2. Include detailed description and reproduction steps
  3. Allow reasonable time to fix before public disclosure

What to Expect

  • Acknowledgment within 24 hours
  • Status update within 5 business days
  • Resolution target: 30 days (critical issues)
  • Public credit if desired

Please Don't

  • Access other users' data
  • Perform DoS/DDoS attacks
  • Publicly disclose before we've patched

Incident Response

In case of a security incident:

  1. Detection & Containment: < 1 hour
  2. Investigation: < 24 hours
  3. User Notification: Within 72 hours (if affected)
  4. Remediation: Permanent fix deployed
  5. Post-Incident Review: Improvements implemented

Third-Party Services

Our infrastructure partners and their certifications:

Supabase

SOC 2 Type II

Database and authentication. Also HIPAA-ready and GDPR compliant.

Stripe

PCI DSS Level 1

Payment processing. We never store card numbers on our servers.

Vercel

SOC 2 Type II + ISO 27001

Hosting, deployment, and AI Gateway with global edge network.

Anthropic (Claude 3.5 Haiku)

SOC 2 Type II

AI processing via Vercel AI Gateway with Zero Data Retention (ZDR). Anthropic is a verified ZDR provider - your data is not used for model training.

All vendors undergo security review before integration. Your data flows through certified infrastructure at every layer.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  • Email: security@thepromptfixer.com
  • Include detailed steps to reproduce the issue
  • Allow reasonable time for us to address the issue before disclosure
  • Do not access or modify other users' data

Last updated: January 2026